On Thu, Jun 2, 2011 at 12:07 PM, George Niculae <[email protected]> wrote: > Hi Guys, > > I have the following config in AD server > > DC=corp,DC=ezuce,DC=com > - OU=people > -- CN=Test User > -- OU=test > --CN=Test1 User1 > > When I specify Search base as OU=people,DC=corp,DC=ezuce,DC=com I can > log in user portal with both Test User and Test1 User1 (from sub OU > test). However when I put DC=corp,DC=ezuce,DC=com as search base users > cannot login (and the only difference is that DC=corp,DC=ezuce,DC=com > it contains referrals). > > Anyone using LDAP integration seen this behavior?
In case you see it: problem is with current Acegi library and LdapTemplate implementation - it cannot handle AD referrals properly. This was solved in Spring Security by adding a new method called ignorePartialResultException with following disclaimer: Note for Active Directory (AD) users: AD servers are apparently unable to handle referrals automatically, which causes a PartialResultException to be thrown whenever a referral is encountered in a search. To avoid this, set the ignorePartialResultException property to true. There is currently no way of manually handling these referrals in the form of ReferralException, i.e. either you get the exception (and your results are lost) or all referrals are ignored (if the server is unable to handle them properly. Neither is there any simple way to get notified that a PartialResultException has been ignored (other than in the log). We really need to update our library (http://track.sipfoundry.org/browse/XX-8350 scheduled for 5.0), not sure if feasible for 4.4 or 4.6 - would like to hear opinions on this Thanks George _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
